Oracle Solaris 11.1 Administration: Security Services Oracle Solaris 11.1 Information Library
The Secure Shell is a fork of the OpenSSH project. Security fixes for vulnerabilities that are discovered in later versions of OpenSSH are integrated into Secure Shell, as are individual bug fixes and features. Internal development continues on the Secure Shell fork.
The following features are implemented for the v2 protocol in this release of Secure Shell:
ForceCommand keyword – Forces the execution of the specified command regardless of what the user types on the command line. This keyword is very useful inside a Match block. This sshd_config configuration option is similar to the command="..." option in $HOME/.ssh/authorized_keys.
AES-128 passphrase protection – In this release, private keys that are generated by the ssh-keygen command are protected with the AES-128 algorithm. This algorithm protects newly-generated keys and re-encrypted keys, such as when a passphrase is changed.
-u option to sftp-server command – Enables the user to set an explicit umask on files and directories. This option overrides the user's default umask. For an example, see the description of Subsystem on the sshd_config(4) man page.
Additional keywords for Match blocks – AuthorizedKeysFile, ForceCommand, and HostbasedUsesNameFromPacketOnly are supported inside Match blocks. By default, the value of AuthorizedKeysFile is $HOME/.ssh/authorized_keys and HostbasedUsesNameFromPacketOnly is no. To use Match blocks, see How to Create User and Host Exceptions to Secure Shell Defaults.
While Oracle Solaris engineers provide bug fixes to the project, they have also integrated the following Oracle Solaris features into the fork of Secure Shell:
PAM - Secure Shell uses PAM. The OpenSSH UsePAM configuration option is not supported.
Privilege separation - Secure Shell does not use the privilege separation code from the OpenSSH project. Secure Shell separates the processing of auditing, record keeping and re-keying from the processing of the session protocols.
Secure Shell privilege separation code is always on and cannot be switched off. The OpenSSH UsePrivilegeSeparation option is not supported.
Locale - Secure Shell fully supports language negotiation as defined in RFC 4253, Secure Shell Transfer Protocol. After the user logs in, the user's login shell profile can override the Secure Shell negotiated locale settings.
Auditing - Secure Shell is fully integrated into the Solaris audit service. For information about the audit service, see Part VII, Auditing in Oracle Solaris.
GSS-API support - GSS-API can be used for user authentication and for initial key exchange. The GSS-API is defined in RFC 4462, Generic Security Service Application Program Interface.
Proxy commands - Secure Shell provides proxy commands for SOCKS5 and HTTP protocols. For an example, see How to Set Up Default Secure Shell Connections to Hosts Outside a Firewall.
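The following is an added example, not Oracle's code: a small Python lint for an sshd_config carried over from OpenSSH. It flags the two options this section says are unsupported and resolves what a Match block overrides. The sample configuration, its user, group and path names are constructed, and whitespace-separated `Keyword value` lines are assumed.

```python
# Keywords this section says Solaris Secure Shell does not support.
UNSUPPORTED = {"usepam", "useprivilegeseparation"}
# Defaults stated in this section.
DEFAULTS = {"authorizedkeysfile": "$HOME/.ssh/authorized_keys",
            "hostbasedusesnamefrompacketonly": "no"}

# Constructed sample sshd_config; names and paths are hypothetical.
SAMPLE = """\
# global section
UsePAM yes
UsePrivilegeSeparation yes
HostbasedUsesNameFromPacketOnly yes

Match User backup
    ForceCommand /usr/local/bin/run-backup
    AuthorizedKeysFile /etc/ssh/keys/backup_authorized_keys

Match Group contractors
    HostbasedUsesNameFromPacketOnly no
"""

def parse(text):
    """Return (scope, keyword, value, lineno); scope is 'global' or the Match criteria."""
    scope, entries = "global", []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *rest = line.split(None, 1)
        value = rest[0] if rest else ""
        if keyword.lower() == "match":
            scope = value  # a Match block runs to the next Match line or end of file
        else:
            entries.append((scope, keyword, value, lineno))
    return entries

def unsupported(entries):
    """Line numbers and keywords to remove before using the file on Solaris."""
    return [(n, k) for _, k, _, n in entries if k.lower() in UNSUPPORTED]

def forced_commands(entries):
    """Map each scope to the command that ForceCommand pins it to."""
    return {s: v for s, k, v, _ in entries if k.lower() == "forcecommand"}

def effective(entries, scope, keyword):
    """Value seen in a Match scope: block value, else global, else stated default."""
    key = keyword.lower()
    for wanted in (scope, "global"):
        for s, k, v, _ in entries:
            if s == wanted and k.lower() == key:
                return v
    return DEFAULTS.get(key)
```

A ForceCommand reported under the `global` scope applies to every login, so review it before deploying the file.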
In the Oracle Solaris releases, Secure Shell resyncs the SSH_OLD_FORWARD_ADDR compatibility flag from the OpenSSH project. As of March 2011, the Secure Shell version is 1.5.